3/27/2009
Authentication is the process by which a principal (a user, group, or service) or a device validates its identity to another principal or device. Windows Embedded Standard includes all of the Windows XP Professional authentication security components.
The following tables show some of the authentication security features and the Windows Embedded Standard components that must be added to support them.
The following common binaries apply to all authentication features. These binaries should be added to configurations that require authentication support.

| Required components | Key binary |
|---|---|
| Local Security Authority Subsystem (LSASS) | Lsass.exe, Lsasrv.dll |
| Primitive: Secur32 | Secur32.dll |
| Primitive: Crypt32 | Crypt32.dll |
| Primitive: Cryptdll | Cryptdll.dll |
| Primitive: Netapi32 | Netapi32.dll |
| Netlogon/NetJoin | Netlogon.dll |

Basic Authentication is the native authentication method that is built into HTTP. If this feature is used, HTTP connections can be made using SSL-encrypted links with strong server-side authentication to secure the connection.

| Required components | Key binary |
|---|---|
| Win32 API | Advapi32.dll |

Digest authentication is a simple challenge-and-response protocol that provides increased security over Basic Authentication.

| Required components | Key binary |
|---|---|
| Digest Authentication Security Package | Wdigest.dll |

Windows NT LAN Manager (NTLM)
NTLM is the native authentication protocol for Windows NT 4.0, including cross-domain authentication. It is included in Windows XP for backward compatibility.

| Required components | Key binary |
|---|---|
| Local Security Authority Subsystem (LSASS) | Msv1_0.dll |

Kerberos is an industry-standard authentication protocol.

| Required components | Key binary |
|---|---|
| Local Security Authority Subsystem (LSASS) | Kerberos.dll |

Passport is an online user authentication service that enables secure authentication with a single user account.

| Required components | Key binary |
|---|---|
| Wininet Library | Wininet.dll |

Credential Manager is a secure store for password information that allows users to type names and passwords once. Subsequent authorizations are handled by the system.

| Required components | Key binary |
|---|---|
| Credential Management User Interface | Credui.dll |
| Key Manager | Keymgr.dll |
| Win32 API - Advanced | Advapi32.dll |

Secure Channel (X.509 certificates)
Secure channel is a multi-level certification authority hierarchy that allows users to use digitally-signed certificates.

| Required components | Key binary |
|---|---|
| Local Security Authority Subsystem (LSASS) | Schannel.dll |
| Cryptographic Network Services | Cryptnet.dll |

Smart card is a subsystem that provides access between a Smart Card reader and a Smart Card-aware application.

| Required components | Key binary |
|---|---|
| Smart Card Subsystem | Scardsvr.exe, Scardssp.dll |
| Primitive: Winscard | Winscard.dll |

Concepts
Authorization Security Components
Other Resources
Add Security Features to a Run-Time Image